Backing up multiple Office 365 mailboxes with a single “backup user” login

Backing up multiple Office 365 mailboxes is possible and easier when you use a single login. This blog explains how to achieve this without needing any extra O365 licenses.

This is our current recommended procedure for backing up office 365 mailboxes using a single task and single login. It applies to BackupAssist 365 v1.3 and later (late October 2019 release).

It is possible to create a special “backup user” login in Office 365 and use that to log in for the backup task.

This is preferred because:

  • Better security – the backup user can be assigned a special complex password that is only used in BackupAssist 365 and is never given to users.
  • No licence is required for the backup user – therefore it won’t cost anything.
  • Using a special backup user minimises the possible throttling that may be experienced on heavy usage. In the example above, if O365 throttles on a per-user basis, Fred would experience slower performance while a backup is running.

How to set up the backup user account for backing up Office 365 mailboxes

Follow these instructions:

  1. Create a new user in Office 365, as shown in the screenshot below. You can call the user anything you want, but we recommend something that will be easy to remember.
    1. Create a password at the time of setting up this user.
    2. Make sure both checkboxes at the bottom are unchecked. If you require the user to change the password, BA365 will be unable to login.
Creating a backup user for backing up mailboxes in Office 365

2. Create the user without a license. This is so you don’t have to pay for an unnecessary license.

No product licenses are needed for this backup user

3. Set the role to Exchange administrator. To do this, uncheck the “User” checkbox and then check “Exchange administrator”. This role is required to allow the user to back up multiple mailboxes. (Note: if you also wish to back up SharePoint documents with the same user identity, also check the “SharePoint administrator” role. Full details are on this page.)

You must make the backup user an Exchange administrator so it can access other mailboxes

4. Confirm the settings as shown

Confirm these settings

5. In BA365, use that new user in the task setup.

Setting up the new backup user in BackupAssist 365

Security note

Your username and password are stored securely encrypted on disk. These credentials are never included in any diagnostics file that you send to our technical support department.

Future work – oAuth authentication

We understand that some of you will be enforcing 2FA policies, and may disallow the App Password option.

We have planned an enhancement to BackupAssist 365 to allow you to authenticate via oAuth instead of using username / password authentication.

Image credit: Photo by Ethan Hoover on Unsplash

Leave a Comment

Share on email
Share on print
Share on facebook
Share on google
Share on twitter
Share on linkedin

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email. Join 1,874 other subscribers